coldtobi's blog

• Main
• Archives
• Albums
• Links
• Admin

• Blog and Website [88]
• DSL RAM [2]
• Electronics and Atmel AVR [10]
• fanctrl [3]
• General [8]
• German [1]
• La Fonera [28]
• Lifetype [17]
• Linux / Debian [31]
• Monetizing A Blog [8]
• my 2 cents [19]
• Netzfunde [17]
• Nice Links [1]
• solarpowerlog [1]
• Thecus N2100 [15]
• Tips and Tricks [18]

• Configure lighttp to simulate .htaccess rules (Deny From All)
• WoW Money Laundering?
• Samba: No mount as user.
• Nice Links #1 -- How hardrives works and how they do recovery
• Squirrelmail and lighttpd -- An Installation Guide --
• Link Crosscompiling
• git cheat sheet

• RSS 0.90
• RSS 1.0
• RSS 2.0
• Atom

• Privacy Policy
• Disclosure Policy

Safe Updating La Fonera to 0.7.1.3

Now, fon released another update for "La Fonera": The Company tries to auto-update to 0.7.1.3

In this article, I'll try give a more in-depth look at the changes in the upgraded firmware, and show how to safely update to this version.

The update will not disable ssh, and/or fix any "security/liberty" holes. However, it will reactivate the automatic updates, so backup your /bin/thinclient or make sure to repatch it after your're done. 

Updating 

As procedure for the updates is the same as in the earlier version, I suggest you read this article.

Heres the md5 sum of the new update -- just to make sure, you get the same version:

4f93ebd027f1a5925df7487f7eec779b  upgrade.fon

If your md5sum differs, be cautionous! If the md5 is ok, it is safe to execute the update:

cd /tmp

wget http://download.fon.com/firmware/update/0.7.1/2/upgrade.fon

/bin/fonverify /etc/public_fon_rsa_key.der /tmp/upgrade.fon

Don't forget to restore your thinclient. (I'll take a look later at the changes and will patch this file to reflect the changes. But to play safe, we'll use the old version till then.) 

Analyzing the changes

The following files has been changed from 0.7.1 r2 t r3: 

/bin/thinclient

/etc/banner /etc/fon_revision  /etc/functions.sh /etc/init.d/N45ntpclient

/usr/bin/haserl /usr/lib/qos.sh /usr/lib/webif/validate.awk

/www/cgi-bin/webif/* (everthing in this directory)

Lets look take a look at the files:

/bin/thinclient -- The changes just simpliefies the old version and the MAC of the ethernet plug is extraced a little more robust. However, the automatic update will be reenabled.

/etc/banner, /etc/fon_revision -- Changes just reflects the new version number

/etc/functions.sh --  Small changes. I did not analyze the purpose, but this changes will not lock the fonera.

/etc/init.d/N45ntpclient -- The changelog mentions "bugfixing the ntp server selection". Before it often did not work, so this fixes are really nice to have.

/bin/haserl, /usr/lib/webif/validate.awk -- The "haserl" script. As I could not find the (updated) GPL code, and did only look at the binary, only one guess: This is a part of the "some people need special chars for PPoE"-Fix. The new chars are "&" and "%". Same for the validate.awk. 

/usr/lib/qos.sh -- They say, there were problems with the upload bandwith thottleing. They fixed it here.

/www/cgi-bin/webif/* -- Some handling changed. The "Submit"-String has been replaced by "@TR<<Submit>>". This can be related to the Asian Language fix, but not further evaluated. In adv_pf.sh, one can find the fix for the bug regarding deletion of the forwarding rules. 

Conclusion:

This time, the changelog was complete. It is safe to apply the patch, but take care about the /bin/thinclient.